Google Details Upcoming Chrome Security Features

June 15, 2011 – 1:30 PM

Google has released a list of security features being built into the upcoming Chrome 13, including Content Security Policy (CSP) and HTTP Strict Transport Security (HSTS) implementations, certificate pinning and a self-XSS filter.

The Content Security Policy (CSP) is a specification developed by Mozilla which aims to provide a solution for many of today’s malicious injection attacks. It allows websites to restrict the sources of content that can be loaded into their pages. For example, a webmaster can provide a list of domains for images, embedded objects, scripts, fonts or frames.

This significantly restricts the options for attackers who currently exploit vulnerabilities to inject rogue iframe and script elements that load content from domains under their control. The CSP implementation in Chrome 13 is only for experimental purposes, and webmasters who want to try it out can use the temporary X-WebKit-CSP header.

Source:
http://news.hitb.org/content/google-details-upcoming-chrome-security-features
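
The source restriction described in the CSP item above, as an added example that is not from the linked article or from Chrome: a simplified matcher that decides whether a resource URL is covered by a policy's per-type source list. The policy string and host names are constructed, the directive syntax is that of standardized CSP (the experimental X-WebKit-CSP syntax may differ), and ports, paths, nonces and hashes are not handled.

```javascript
// Added example: simplified CSP source-list matcher (not a browser's real implementation).
// Constructed policy; example.com and cdn.example.net are placeholder names.
const POLICY = "default-src 'self'; script-src 'self' https://cdn.example.net; " +
               "img-src *; frame-src 'none'";

// Split "name src1 src2; name2 ..." into { name: [sources] }.
function parsePolicy(text) {
  const directives = {};
  for (const part of text.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // The first occurrence of a directive wins; later duplicates are ignored.
    if (name && !(name.toLowerCase() in directives)) {
      directives[name.toLowerCase()] = sources;
    }
  }
  return directives;
}

// Does one source expression cover the resource URL?
function sourceMatches(source, url, pageOrigin) {
  if (source === "*") return true; // simplification: browsers limit * to network schemes
  if (source === "'self'") return url.origin === pageOrigin;
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return url.protocol === source.toLowerCase();
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^\/:]+)$/i.exec(source);
  if (!m) return false; // ports, paths, nonces and hashes are out of scope here
  const [, scheme, wildcard, host] = m;
  if (scheme && url.protocol !== scheme.toLowerCase() + ":") return false;
  const h = url.hostname.toLowerCase();
  // 'none' and other keywords fall through to here and never equal a hostname.
  return wildcard ? h.endsWith("." + host.toLowerCase()) : h === host.toLowerCase();
}

// kind is "script", "img", "object", "font" or "frame".
function isAllowed(policyText, kind, resourceUrl, pageUrl) {
  const directives = parsePolicy(policyText);
  const sources = directives[kind + "-src"] || directives["default-src"];
  if (!sources) return true; // no applicable directive: this type is unrestricted
  const url = new URL(resourceUrl, pageUrl);
  const origin = new URL(pageUrl).origin;
  return sources.some((s) => sourceMatches(s, url, origin));
}
```

With this policy, an injected script or frame element pointing at a host outside the list is refused even if the injection itself succeeds, and types without their own directive fall back to `default-src`.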

How to Delete an Account from Any Website

June 11, 2011 – 12:16 AM

The words “I wish I could quit you” take on a whole new meaning when you want out of a relationship with an online service. Sure, you once thought you would be together forever, but eventually terms of service change, end-user license agreements mature, and, well, you’re just not in the same place anymore.

Sadly, not all websites and social networks are created equal when it comes to breaking up. With some, it takes only a couple of clicks to say good-bye, and for a few sites, if you stop paying for service, the site cuts ties fairly quickly. Others make you jump through more hoops than a tiger at the circus. Even after you follow all of the required steps, some of these sites never quite separate from you, but keep vestiges of your relationship around forever.

Source:
http://www.pcmag.com/article2/0,2817,2386458,00.asp

How to stop your Gmail account being hacked

June 2, 2011 – 1:28 PM

As has been widely reported, high profile users of Gmail – including US government officials, reporters and political activists – have had their email accounts hacked.

This wasn’t a sophisticated attack against Google’s systems, but rather a cleverly-crafted HTML email which pointed to a Gmail phishing page. Victims would believe that they had been sent an attachment, click on the link, and be greeted by what appeared to be Gmail’s login screen. Before you knew it, your Gmail username and password could be in the hands of unauthorised parties.

Source:
http://nakedsecurity.sophos.com/2011/06/02/how-to-stop-your-gmail-account-being-hacked/

NSA’s Guide to Securing Your PC

May 23, 2011 – 12:22 PM

NSA has developed and distributed configuration guidance for operating systems. These guides are currently being used throughout the government and by numerous entities as a security baseline for their systems.

Source:
http://www.nsa.gov/ia/guidance/security_configuration_guides/operating_systems.shtml

Security Group Claims to Have Subverted Google Chrome’s Sandbox

May 9, 2011 – 10:48 PM

A French security research firm boasted today that it has discovered a two-step process for defeating Google Chrome’s sandbox, the security technology designed to protect the browser from being compromised by previously unknown security flaws. Experts say the discovery, if true, marks the first time hackers have figured out a way around the vaunted security layer, and almost certainly will encourage attackers to devise similar methods of subverting this technology in Chrome and other widely used software.

Source:
http://krebsonsecurity.com/2011/05/security-group-claims-to-have-subverted-google-chromes-sandbox/